<?php

namespace App\Http\Middleware;

use Closure;
use Auth;

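/**
 * Route middleware that lets a request through only when the selected guard
 * has an authenticated user whose token carries the scope required for that
 * guard.
 */
class AuthMiddleware
{
    /**
     * Run the request filter.
     *
     * Scope mapping: the 'manager' guard requires the 'admin' scope; every
     * other guard name requires the 'shop' scope.
     *
     * @param  \Illuminate\Http\Request  $request
     * @param  \Closure  $next
     * @param  string  $guard  Name of the auth guard to check (defaults to 'manager').
     * @return mixed  A 401 response for AJAX/JSON requests, a redirect to /login
     *                for other requests, or the result of $next($request) when
     *                the check passes.
     */
    public function handle($request, Closure $next, $guard = 'manager')
    {
        // Check the scope on the token instance.
        // Strict comparison: only the exact string 'manager' selects the
        // 'admin' scope, so a loosely-equal value (e.g. boolean true) can no
        // longer be treated as the manager guard.
        // NOTE(review): any guard name other than 'manager' is checked against
        // 'shop'; confirm that is intended for every guard this is routed with.
        $scope = $guard === 'manager' ? 'admin' : 'shop';

        // Resolve the guard once instead of once per condition.
        $auth = auth()->guard($guard);

        // Fail closed: the request is rejected unless there is a logged-in
        // user AND tokenCan() returns exactly true for the required scope.
        // guest() is tested first so user() is not dereferenced when nobody
        // is authenticated.
        if ($auth->guest() || $auth->user()->tokenCan($scope) !== true) {
            // API-style clients get a bare 401; everyone else is redirected
            // to the login page.
            if ($request->ajax() || $request->wantsJson()) {
                return response('Unauthorized.', 401);
            }

            return redirect()->guest('/login');
        }

        return $next($request);
    }
}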